One-Step Logon [ASA]

If you plan to deploy only the one-time password based authentication in your user base using OTP tokens such as Deepnet SafeID, MobileID, then you will configure your Cisco ASA in such way that it will use your AD as the primary authentication server and your DualShield as the secondary authentication server. Your AD will be responsible for verifying users’ AD passwords and your DualShield will be responsible for verifying users’ one-time passwords only.

Edit Logon Procedure

In the DualShield Management Console, edit the logon procedure for your Cisco ASA application. You will only need one logon step and typically the logon step will have “One-Time Password” as the authentication method:

Configure Cisco ASA

Select Remote Access in the accordion menu on the bottom
Select Clientless SSL VPN Access, select Connection Profiles
In the Connection Profiles section, select your existing SSL VPN profile and click Edit
(Click Add if you do not yet have a SSL VPN profile)

If this is an existing SSL connection profile then you would have your AD server set as its authentication server.
If this is a new SSL connection profile then set your AD server set as its authentication server as shown above.
Expand Advance and select Secondary Authentication

Select "DualShield" in the Server Group
Enable "Use primary username"
Click "OK"
Finally, Click "Apply" to save all settings

Test Logon

Navigate to the Cisco ASA SSL VPN logon page:

The logon form consists of 3 fields:

User name: User's domain account login name

Password: AD password

2nd Password: One-time password

Customise Logon Form

You can customise Cisco ASA logon page to make it more user friendly. For instance, you may want to change “2^nd Password” to “Passcode” or “One-Time Password”.

The basis of the customisation is to change relevant messages or HTML and Javascript files in the Cisco ASA appliance.

In ASDM, go to Remote Access VPN ->Clientless SSL VPN Access -> Portal -> Customization. Click on Add to add a new customization object.